You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Wellington Chevreuil (Jira)" <ji...@apache.org> on 2020/07/15 10:23:00 UTC
[jira] [Commented] (HBASE-24744) enable_table_replication command
granting permissions on table automatically for the user
[ https://issues.apache.org/jira/browse/HBASE-24744?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17158048#comment-17158048 ]
Wellington Chevreuil commented on HBASE-24744:
----------------------------------------------
On your example, I can see it's adding ACL for 'hbase' user, which is the super user anyways, so although weird, functionally speaking, wouldn't be a problem. You mentioned it also happens when executing the command as other users, can you show an example output? Are these other users also global "admin" users, so that the additional entry on ACL table wouldn't make any difference on the expected behaviour (since global admins should have RWXCA on everything).
> enable_table_replication command granting permissions on table automatically for the user
> -----------------------------------------------------------------------------------------
>
> Key: HBASE-24744
> URL: https://issues.apache.org/jira/browse/HBASE-24744
> Project: HBase
> Issue Type: Bug
> Components: acl, security
> Affects Versions: 2.1.0
> Reporter: Dhanalakshmi Periyalwar
> Priority: Minor
>
> While enabling the table replication for the user table as an hbase user using the "enable_table_replication" command, permission has been granted automatically for the hbase user and getting listed in hbase:acl. The same behaviour is applicable to other users too.
> Issue Replication Steps:
> ========================
> hbase(main):001:0> whoami
> dhana (auth:SIMPLE)
> groups: dhana
> Took 0.0214 seconds
> hbase(main):002:0> list
> TABLE
> 0 row(s)
> Took 0.4268 seconds
> => []
> hbase(main):003:0> create 'mytab','f1'
> Created table mytab
> Took 0.7834 seconds
> => Hbase::Table - mytab
> hbase(main):004:0> describe 'mytab'
> Table mytab is ENABLED
> mytab
> COLUMN FAMILIES DESCRIPTION
> \{NAME => 'f1', VERSIONS => '1', EVICT_BLOCKS_ON_CLOSE => 'false', NEW_VERSION_BEHAVIOR => 'false', KE
> EP_DELETED_CELLS => 'FALSE', CACHE_DATA_ON_WRITE => 'false', DATA_BLOCK_ENCODING => 'NONE', TTL => 'F
> OREVER', MIN_VERSIONS => '0', REPLICATION_SCOPE => '0', BLOOMFILTER => 'ROW', CACHE_INDEX_ON_WRITE =>
> 'false', IN_MEMORY => 'false', CACHE_BLOOMS_ON_WRITE => 'false', PREFETCH_BLOCKS_ON_OPEN => 'false',
> COMPRESSION => 'NONE', BLOCKCACHE => 'true', BLOCKSIZE => '65536'}
> 1 row(s)
> Took 0.1319 seconds
> hbase(main):005:0> scan 'hbase:acl'
> ROW COLUMN+CELL
> hbase:acl column=l:dhana, timestamp=1593669605273, value=RWXCA
> mytab column=l:dhana, timestamp=1593673200269, value=RWXCA
> 2 row(s)
> Took 0.0969 seconds
> hbase(main):006:0> exit
> hbase(main):001:0> whoami
> hbase (auth:SIMPLE)
> groups: hbase
> Took 0.0271 seconds
> hbase(main):002:0> scan 'hbase:acl'
> ROW COLUMN+CELL
> hbase:acl column=l:dhana, timestamp=1593669605273, value=RWXCA
> mytab column=l:dhana, timestamp=1593673200269, value=RWXCA
> 2 row(s)
> Took 0.5223 seconds
> hbase(main):003:0> enable_table_replication 'mytab'
> The replication of table 'mytab' successfully enabled
> Took 16.0711 seconds
> hbase(main):004:0> scan 'hbase:acl'
> ROW COLUMN+CELL
> hbase:acl column=l:dhana, timestamp=1593669605273, value=RWXCA
> mytab column=l:dhana, timestamp=1593673200269, value=RWXCA
> mytab column=l:hbase, timestamp=1593673390976, value=RWXCA <========
> 2 row(s)
> Took 0.0089 seconds
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)